authorDaiki Ueno <dueno@redhat.com>2019-04-04 16:40:11 +0200
committerDaiki Ueno <dueno@redhat.com>2019-04-07 08:21:56 +0200
commitbaccc00085062f712c811bee925c86709551f422 (patch)
treeacbe10316941d9c5aae948011e9f746f4fb55fa3
parent005a4d04145707daad9588acedfdb5f6cd97c80c (diff)
downloadgnutls-baccc00085062f712c811bee925c86709551f422.tar.gz
tests: add mock PKCS#11 module disabling RSA-PSS
This adds libpkcs11mock2.so, which wraps SoftHSM but filters out the use of the CKM_RSA_PKCS_PSS mechanism. That way we can simulate the situation where the certificate is RSA while the private key cannot be used for RSA-PSS. Signed-off-by: Daiki Ueno <dueno@redhat.com>
-rw-r--r--tests/Makefile.am6
-rw-r--r--tests/pkcs11/pkcs11-mock2.c108
2 files changed, 114 insertions, 0 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 97e63cdbae..37e33c0efe 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -311,6 +311,11 @@ libpkcs11mock1_la_SOURCES = pkcs11/pkcs11-mock.c pkcs11/pkcs11-mock.h pkcs11/pkc
libpkcs11mock1_la_LDFLAGS = -shared -rpath $(pkglibdir) -module -no-undefined -avoid-version
libpkcs11mock1_la_LIBADD = ../gl/libgnu.la
+noinst_LTLIBRARIES += libpkcs11mock2.la
+libpkcs11mock2_la_SOURCES = pkcs11/pkcs11-mock2.c
+libpkcs11mock2_la_LDFLAGS = -shared -rpath $(pkglibdir) -module -no-undefined -avoid-version
+libpkcs11mock2_la_LIBADD = ../gl/libgnu.la
+
pkcs11_cert_import_url_exts_SOURCES = pkcs11/pkcs11-cert-import-url-exts.c
pkcs11_cert_import_url_exts_DEPENDENCIES = libpkcs11mock1.la libutils.la
@@ -524,6 +529,7 @@ TESTS_ENVIRONMENT += \
LSAN_OPTIONS=suppressions=gnutls-asan.supp \
CAFILE=$(srcdir)/cert-tests/data/ca-certs.pem \
P11MOCKLIB1=$(abs_builddir)/.libs/libpkcs11mock1.so \
+ P11MOCKLIB2=$(abs_builddir)/.libs/libpkcs11mock2.so \
PKCS12_MANY_CERTS_FILE=$(srcdir)/cert-tests/data/pkcs12_5certs.p12 \
PKCS12FILE=$(srcdir)/cert-tests/data/client.p12 \
PKCS12PASSWORD=foobar \
diff --git a/tests/pkcs11/pkcs11-mock2.c b/tests/pkcs11/pkcs11-mock2.c
new file mode 100644
index 0000000000..44bf517bc3
--- /dev/null
+++ b/tests/pkcs11/pkcs11-mock2.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * Author: Daiki Ueno
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <dlfcn.h>
+#include <p11-kit/pkcs11.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <assert.h>
+
+#include "softhsm.h"
+
+/* This provides a mock PKCS #11 module that delegates all the
+ * operations to SoftHSM except that it filters out CKM_RSA_PKCS_PSS
+ * mechanism.
+ */
+
+static void *dl;
+static CK_C_GetMechanismInfo base_C_GetMechanismInfo;
+static CK_FUNCTION_LIST override_funcs;
+
+#ifdef __sun
+# pragma fini(mock_deinit)
+# pragma init(mock_init)
+# define _CONSTRUCTOR
+# define _DESTRUCTOR
+#else
+# define _CONSTRUCTOR __attribute__((constructor))
+# define _DESTRUCTOR __attribute__((destructor))
+#endif
+
+static CK_RV
+override_C_GetMechanismInfo(CK_SLOT_ID slot_id,
+ CK_MECHANISM_TYPE type,
+ CK_MECHANISM_INFO *info)
+{
+ if (type == CKM_RSA_PKCS_PSS)
+ return CKR_MECHANISM_INVALID;
+
+ return base_C_GetMechanismInfo(slot_id, type, info);
+}
+
+CK_RV
+C_GetFunctionList(CK_FUNCTION_LIST **function_list)
+{
+ CK_C_GetFunctionList func;
+ CK_FUNCTION_LIST *funcs;
+
+ assert(dl);
+
+ func = dlsym(dl, "C_GetFunctionList");
+ if (func == NULL) {
+ return CKR_GENERAL_ERROR;
+ }
+
+ func(&funcs);
+ base_C_GetMechanismInfo = funcs->C_GetMechanismInfo;
+
+ memcpy(&override_funcs, funcs, sizeof(CK_FUNCTION_LIST));
+ override_funcs.C_GetMechanismInfo = override_C_GetMechanismInfo;
+ *function_list = &override_funcs;
+
+ return CKR_OK;
+}
+
+static _CONSTRUCTOR void
+mock_init(void)
+{
+ const char *lib;
+
+ /* suppress compiler warning */
+ (void) set_softhsm_conf;
+
+ lib = softhsm_lib();
+
+ dl = dlopen(lib, RTLD_NOW);
+ if (dl == NULL)
+ exit(77);
+}
+
+static _DESTRUCTOR void
+mock_deinit(void)
+{
+ dlclose(dl);
+}
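Review bot: In `C_GetFunctionList` the return value of `func(&funcs)` is discarded and `funcs` is never initialized, so if the SoftHSM call fails the next line dereferences an indeterminate pointer; capture and propagate the result with `CK_RV rv = func(&funcs);` followed by `if (rv != CKR_OK) return rv;`. The `assert(dl)` guard compiles away under NDEBUG, and `*function_list` is written without a NULL check, where a PKCS #11 caller would expect `CKR_ARGUMENTS_BAD`. Separately, the file comment says the module filters out CKM_RSA_PKCS_PSS, but only `C_GetMechanismInfo` is overridden: the copied function list still forwards `C_GetMechanismList` and `C_SignInit` to SoftHSM, so the mechanism is hidden only from callers that query its info first. A comment above `override_C_GetMechanismInfo` such as `/* Only C_GetMechanismInfo is filtered; C_GetMechanismList and C_SignInit still reach SoftHSM unchanged. */` would make the scope of the simulation explicit.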